Release 0.18.1

- Lombok no longer leaks into runtime dependencies

Author: emlun

NEWS

@@ -1,52 +1,69 @@
-* Release 0.18.0
-  * u2flib-server-core:
-    * Breaking changes:
-      * "Authenticate" renamed to "sign" everywhere in `u2flib-server-core`
-        * Classes `AuthenticateRequest` renamed to `SignRequest`
-        * Class `AuthenticateRequestData` renamed to `SignRequestData`
-        * Class `AuthenticateResponse` renamed to `SignResponse`
-        * Method `Client.authenticate` renamed to `sign`
-        * Class `RawAuthenticateResponse` renamed to `RawSignResponse`
-        * Method `SoftKey.authenticate` renamed to `sign`
-        * Method `U2F.finishAuthentication` renamed to `finishSignature`
-        * Method `U2F.startAuthentication` renamed to `startSignature`
-        * Method `U2fPrimitives.finishAuthentication` renamed to
-          `finishSignature`
-        * Method `U2fPrimitives.startAuthenticateion` renamed to
-          `startSignature`
-      * Constants `AUTHENTICATE_TYP` and `REGISTER_TYPE` in `U2fPrimitives`
-          are now private
-
-* Version 0.17.1
-  * u2flib-server-attestation module now uses SLF4J logging instead of
-    `Throwable.printStackTrace`
-
-* Version 0.17.0
-  * u2flib-server-core:
-    * Breaking changes:
-      * Field
-       `RegisterRequestData.authenticateRequests: List<AuthenticateRequest>`
-       replaced by field `registeredKeys: List<RegisteredKey>`
-    * Additions:
-      * Fields added to class `AuthenticateRequestData`:
-        * `challenge: String`
-        * `appId: String`
-      * New class `RegisteredKey`
-      * Field `appId: String` added to `RegisterRequestData`
-
-  * u2flib-server-demo:
-    * `u2f-api.js` upgraded from version 1.0 to 1.1
-    * JS calls in views updated to work with version 1.1 of the JS API
-    * All views except `loginIndex` and `registerIndex` are now rendered via
-      templates
-    * Navigation links added to all views
-    * Error feedback improved
-
-* Version 0.13.1 (unreleased)
- ** Changed demo server URL to `localhost:8080`.
- ** Added the method `ClientData.getString` to get arbitrary clientData fields.
- ** Added u2flib-server-attestation for device attestation and metadata.
-
-* Version 0.13.0
- ** Added built-in support for multiple devices per user.
- ** Fixed demo server bug when running from jar. Thanks to axianx.
+== Version 0.18.1 ==
+
+* Lombok now longer leaks into runtime dependencies
+
+
+== Version 0.18.0 ==
+
+=== u2flib-server-core ===
+
+Breaking changes:
+
+* "Authenticate" renamed to "sign" everywhere in `u2flib-server-core`
+** Classes `AuthenticateRequest` renamed to `SignRequest`
+** Class `AuthenticateRequestData` renamed to `SignRequestData`
+** Class `AuthenticateResponse` renamed to `SignResponse`
+** Method `Client.authenticate` renamed to `sign`
+** Class `RawAuthenticateResponse` renamed to `RawSignResponse`
+** Method `SoftKey.authenticate` renamed to `sign`
+** Method `U2F.finishAuthentication` renamed to `finishSignature`
+** Method `U2F.startAuthentication` renamed to `startSignature`
+** Method `U2fPrimitives.finishAuthentication` renamed to `finishSignature`
+** Method `U2fPrimitives.startAuthenticateion` renamed to `startSignature`
+* Constants `AUTHENTICATE_TYP` and `REGISTER_TYPE` in `U2fPrimitives` are
+  now private
+
+== Version 0.17.1 ==
+
+* u2flib-server-attestation module now uses SLF4J logging instead of
+  `Throwable.printStackTrace`
+
+
+== Version 0.17.0 ==
+
+=== u2flib-server-core ===
+
+Breaking changes:
+
+* Field `RegisterRequestData.authenticateRequests: List<AuthenticateRequest>`
+ replaced by field `registeredKeys: List<RegisteredKey>`
+
+Additions:
+
+* Fields added to class `AuthenticateRequestData`:
+  * `challenge: String`
+  * `appId: String`
+* New class `RegisteredKey`
+* Field `appId: String` added to `RegisterRequestData`
+
+=== u2flib-server-demo ===
+
+* `u2f-api.js` upgraded from version 1.0 to 1.1
+* JS calls in views updated to work with version 1.1 of the JS API
+* All views except `loginIndex` and `registerIndex` are now rendered via
+  templates
+* Navigation links added to all views
+* Error feedback improved
+
+
+== Version 0.13.1 (unreleased) ==
+
+* Changed demo server URL to `localhost:8080`.
+* Added the method `ClientData.getString` to get arbitrary clientData fields.
+* Added u2flib-server-attestation for device attestation and metadata.
+
+
+== Version 0.13.0 ==
+
+* Added built-in support for multiple devices per user.
+* Fixed demo server bug when running from jar. Thanks to axianx.

README

@@ -4,21 +4,33 @@ image:https://travis-ci.org/Yubico/java-u2flib-server.svg?branch=master["Build S
 image:https://coveralls.io/repos/github/Yubico/java-u2flib-server/badge.svg["Coverage Status", link="https://coveralls.io/github/Yubico/java-u2flib-server"]
 
 Server-side https://developers.yubico.com/U2F[U2F] library for Java. Provides functionality for registering
-U2F devices and authenticate with said devices.
+U2F devices and authenticating with said devices.
 
 === Dependency
+
+Maven:
 [source, xml]
  <dependency>
    <groupId>com.yubico</groupId>
    <artifactId>u2flib-server-core</artifactId>
-   <version>0.16.0</version>
+   <version>0.18.1</version>
  </dependency>
 
+Gradle:
+[source, groovy]
+ repositories{ mavenCentral() }
+ dependencies {
+   compile 'com.yubico:u2flib-server-core:0.18.1'
+ }
+
 === Example Usage
 NOTE: Make sure that you have read https://developers.yubico.com/U2F/Libraries/Using_a_library.html[Using a U2F library] before continuing.
 
 [source, java]
 ----
+
+private abstract Iterable<DeviceRegistration> getRegistrations(String username);
+
 @GET
 public View startAuthentication(String username) throws NoEligibleDevicesException {
 
@@ -50,7 +62,7 @@ public String finishAuthentication(SignResponse response, String username) throw
 }
 ----
 
-In the above example `getRegistrations()` returns the U2F devices currently associated with a given user.
+In the above example `getRegistrations()` will return the U2F devices currently associated with a given user.
 This is most likely stored in a database. 
 See link:u2flib-server-demo[`u2flib-server-demo`] for a complete demo server (including registration and storage of U2F devices).
 
@@ -62,5 +74,5 @@ JavaDoc can be found at https://developers.yubico.com/java-u2flib-server[develop
 The attestation module (`u2flib-server-attestation`) enables you to restrict registrations to certain U2F devices (e.g. devices made by a specific vendor). It can also provide metadata for devices.
 
 === Serialization
-All relevant classes implements `Serializable`, so instead of using `toJson()`, you can use Java's built in serialization mechanism.
+All relevant classes implement `Serializable`, so instead of using `toJson()`, you can use Java's built in serialization mechanism.
 Internally the classes use Jackson to serialize to and from JSON, and the ObjectMapper from Jackson can be used.

build.gradle

@@ -33,14 +33,15 @@ allprojects  {
     signing {
       sign configurations.archives
     }
+    signArchives.dependsOn check
   }
 
   task wrapper(type: Wrapper) {
     gradleVersion = '4.1'
   }
 
   group = 'com.yubico'
-  version = '0.18.0'
+  version = '0.18.1'
 
   sourceCompatibility = 1.6
   targetCompatibility = 1.6
@@ -56,6 +57,8 @@ allprojects  {
   }
 }
 
+evaluationDependsOnChildren()
+
 subprojects {
   task packageSources(type: Jar) {
     classifier = 'sources'
@@ -72,8 +75,9 @@ subprojects {
 
   dependencies {
 
+    compileOnly 'org.projectlombok:lombok:1.16.18'
+
     compile(
-      [group: 'org.projectlombok', name: 'lombok', version:'1.16.18'],
       'org.slf4j:slf4j-api:1.7.25',
     )
 
@@ -101,6 +105,39 @@ subprojects {
           snapshotRepository(url: 'https://oss.sonatype.org/content/repositories/snapshots/') {
             authentication(userName: ossrhUsername, password: ossrhPassword)
           }
+
+          pom.project {
+            name project.description
+            description 'Java server-side library for U2F'
+            url 'https://developers.yubico.com/'
+
+            developers {
+              developer {
+                id 'dain'
+                name 'Dain Nilsson'
+                email '[email protected]'
+              }
+              developer {
+                id 'emil'
+                name 'Emil Lundberg'
+                email '[email protected]'
+              }
+            }
+
+            licenses {
+              license {
+                name 'BSD-license'
+                comments 'Revised 2-clause BSD license'
+              }
+            }
+
+            scm {
+              url 'scm:git:git://github.com/Yubico/java-u2flib-server.git'
+              connection 'scm:git:git://github.com/Yubico/java-u2flib-server.git'
+              developerConnection 'scm:git:ssh://[email protected]/Yubico/java-u2flib-server.git'
+              tag 'HEAD'
+            }
+          }
         }
       }
     }

pom.xml

@@ -4,7 +4,7 @@
     <groupId>com.yubico</groupId>
     <artifactId>u2flib-server-parent</artifactId>
     <packaging>pom</packaging>
-    <version>0.18.0</version>
+    <version>0.8.1</version>
     <name>U2F parent</name>
     <description>Java server-side library for U2F</description>
     <properties>

u2flib-server-attestation/README.adoc

@@ -1,22 +1,31 @@
 == Device attestation  module
-Module for verifying attestation certificates and provide additional device metadata.
+Module for verifying attestation certificates and providing additional device metadata.
 
 This is useful if you want to:
 
- - Restrict which type of devices that can be registered with your server.
+ - Restrict which types of devices that can be registered with your server
  - Give users rich data about their registered devices, such as:
-   * The vendor and model name.
-   * Display an image of the device model.
+   * The vendor and model name
+   * An image of the device model
 
 
 === Dependency
+
+Maven:
 [source, xml]
  <dependency>
    <groupId>com.yubico</groupId>
    <artifactId>u2flib-server-attestation</artifactId>
-   <version>0.16.0</version>
+   <version>0.18.1</version>
  </dependency>
 
+Gradle:
+[source, groovy]
+ repositories{ mavenCentral() }
+ dependencies {
+   compile 'com.yubico:u2flib-server-attestation:0.18.1'
+ }
+
 
 === Usage
 The Attestation class lets you know if the attestation certificate from the registration is trusted, and provides you with metadata about the vendor as well as the device itself.

u2flib-server-attestation/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <artifactId>u2flib-server-parent</artifactId>
         <groupId>com.yubico</groupId>
-        <version>0.18.0</version>
+        <version>0.8.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -14,7 +14,7 @@
         <dependency>
             <groupId>com.yubico</groupId>
             <artifactId>u2flib-server-core</artifactId>
-            <version>0.18.0</version>
+            <version>0.8.1</version>
         </dependency>
     </dependencies>
 

u2flib-server-core/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <artifactId>u2flib-server-parent</artifactId>
         <groupId>com.yubico</groupId>
-        <version>0.18.0</version>
+        <version>0.8.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

u2flib-server-demo/README

@@ -6,20 +6,16 @@ class.
 === 1. Clone
  git clone https://github.com/Yubico/java-u2flib-server.git
 
-=== 2. Compile
-Go to the demo server directory:
- 
- cd java-u2flib-server/u2flib-server-demo
+=== 2. Run
+ ./gradlew run
 
-Compile using `mvn clean install` and then run using
-`java -jar target/u2flib-server-demo.jar server config.yml`.
-
-=== 3. Run
-Then point a U2F-compatible web browser (e.g. Chrome) to
-link:https://localhost:8443/assets/registerIndex.html[https://localhost:8443/assets/registerIndex.html].
+=== 3. Try it out
+Then point a
+https://www.yubico.com/support/knowledge-base/categories/articles/browsers-support-u2f/[U2F compatible web browser]
+to link:https://localhost:8443/assets/registerIndex.html[https://localhost:8443/assets/registerIndex.html].
 
 NOTE: Since U2F requires a HTTPS connection, this demo server uses a dummy certificate.
-This will cause Chrome to show a warning, which it is safe to bypass.
+This will cause your browser to show a warning, which it is safe to bypass.
 
 === Troubleshooting
 [qanda]

u2flib-server-demo/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>u2flib-server-parent</artifactId>
         <groupId>com.yubico</groupId>
-        <version>0.18.0</version>
+        <version>0.8.1</version>
     </parent>
     <artifactId>u2flib-server-demo</artifactId>
     <name>U2F demo</name>
@@ -14,12 +14,12 @@
         <dependency>
             <groupId>com.yubico</groupId>
             <artifactId>u2flib-server-core</artifactId>
-            <version>0.18.0</version>
+            <version>0.8.1</version>
         </dependency>
         <dependency>
             <groupId>com.yubico</groupId>
             <artifactId>u2flib-server-attestation</artifactId>
-            <version>0.18.0</version>
+            <version>0.8.1</version>
         </dependency>
         <dependency>
             <groupId>io.dropwizard</groupId>